RECon2006

This presentation will be about a virus/worm framework which takes advantage of the abundance of NOP-areas produced by modern compilers in executables.

The virus is bound to the x86 CPU architecture (with the
possibility of porting it to other CISC architectures); however, a
key feature of this infection vector is that the virus is operating
system independent. The majority of my work so far has been done
on GNU/Linux but tests have been run on Windows XP, NetBSD and
FreeBSD. Future targets include Solaris/x86 and Mac OS X/x86. It
should be noted that this is not an ELF or PE/COFF virus: it is
executable format independent.

This presentation will explain, in gory detail, how I implemented
the generation zero NOP-infectors in C and how self-replication is
done in the assembly version. I will describe the algorithms and
data structures involved; and I will talk about the many
challenges in implementing them and how those problems were solved.

I will talk about possible methods of detection, prevention and
what sysadmins might do to protect themselves. I will also talk
about future plans for the virus.